#!/bin/bash
# Bootstrap S3 backend for Terraform state
# Run this ONCE before migrating state
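set -euo pipefail

# Remote-state resources created by this script: the S3 bucket that stores the
# Terraform state and the DynamoDB table used for state locking.
readonly BUCKET="supergateway-terraform-state"
readonly TABLE="supergateway-terraform-locks"
readonly REGION="us-east-1"

# CreateBucket rejects a LocationConstraint for us-east-1 and requires one for
# every other region, so the argument is added only when REGION is changed.
create_args=(--bucket "${BUCKET}" --region "${REGION}")
if [[ "${REGION}" != "us-east-1" ]]; then
  create_args+=(--create-bucket-configuration "LocationConstraint=${REGION}")
fi

echo "Creating S3 bucket: ${BUCKET}"
aws s3api create-bucket "${create_args[@]}"

# Every call below passes --region explicitly so the script does not depend on
# the caller's AWS CLI profile or AWS_REGION / AWS_DEFAULT_REGION settings.

# Versioning keeps earlier state files, so an overwritten or corrupted state
# can be restored from a previous object version.
echo "Enabling versioning on ${BUCKET}"
aws s3api put-bucket-versioning \
  --bucket "${BUCKET}" \
  --region "${REGION}" \
  --versioning-configuration Status=Enabled

# No KMSMasterKeyID is given, so S3 encrypts with the AWS managed key for S3
# (aws/s3) in this account.
# NOTE(review): Terraform state commonly holds secrets; a customer-managed KMS
# key would let read access be restricted through the key policy - confirm
# whether that is required for this project.
echo "Enabling server-side encryption on ${BUCKET}"
aws s3api put-bucket-encryption \
  --bucket "${BUCKET}" \
  --region "${REGION}" \
  --server-side-encryption-configuration '{
"Rules": [
{
"ApplyServerSideEncryptionByDefault": {
"SSEAlgorithm": "aws:kms"
},
"BucketKeyEnabled": true
}
]
}'

# All four settings are on: public ACLs and public bucket policies are both
# rejected and ignored for this bucket.
# NOTE(review): no bucket policy is attached here; consider one that denies
# requests where aws:SecureTransport is false so state is only read over TLS.
echo "Blocking public access on ${BUCKET}"
aws s3api put-public-access-block \
  --bucket "${BUCKET}" \
  --region "${REGION}" \
  --public-access-block-configuration \
  BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

# The S3 backend locks on a string hash key named LockID. create-table fails
# if the table already exists, and set -e then stops the script, which is why
# this bootstrap is meant to be run once.
echo "Creating DynamoDB table: ${TABLE}"
aws dynamodb create-table \
  --table-name "${TABLE}" \
  --attribute-definitions AttributeName=LockID,AttributeType=S \
  --key-schema AttributeName=LockID,KeyType=HASH \
  --billing-mode PAY_PER_REQUEST \
  --region "${REGION}" \
  --tags Key=Project,Value=Supergateway Key=ManagedBy,Value=Terraform Key=auto-delete,Value=no Key=Environment,Value=Prod

# create-table returns while the table is still being created; block until it
# exists so the terraform init suggested below cannot race the lock table.
aws dynamodb wait table-exists \
  --table-name "${TABLE}" \
  --region "${REGION}"

echo ""
echo "Done! Now run:"
echo " cd terraform"
echo " terraform init -migrate-state"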